Abstract

The vast majority of RFID authentication protocols assume the proximity
between readers and tags due to the limited range of the radio channel.
However, in real scenarios an intruder can be located between the prover
(tag) and the verifier (reader) and trick the latter into thinking that the
prover is in close proximity. This attack is generally known as a relay
attack, a category that includes distance fraud, mafia fraud and terrorist
attacks. Distance bounding protocols represent a promising countermeasure
to hinder relay attacks. Several protocols have been proposed during the
last years but vulnerabilities of major or minor relevance have been
identified in most of them. In 2008, Kim et al. [18] proposed a new distance
bounding protocol with the objective of being the best in terms of security,
privacy, tag computational overhead and fault tolerance. In this paper, we
analyze this protocol and we present a passive full disclosure attack, which
allows an adversary to discover the long-term secret key of the tag. The
presented attack is very relevant, since no security objectives are met in
Kim et al.'s protocol. Then, design guidelines are introduced with the aim
of easing for protocol designers the stimulating task of designing secure
and efficient schemes against relay attacks. Finally a new protocol, named
Hitomi and inspired by [18], is designed in conformance with the guidelines
proposed previously.

Keywords— RFID, distance bounding protocols, relay attacks, ter- 
rorist fraud attacks, full disclosure attacks. 

1 Introduction 

Radio-Frequency Identification (RFID) is one of the most promising technolo- 
gies in identifying items (i.e. persons, animals or products) with high accuracy 
and it overcomes all the other relevant technologies (i.e. barcodes) [IS]. While
barcodes facilitate the identification process of the brand and model of a
product, RFID tags offer the possibility to distinguish products of the same kind
(i.e. unequivocal identification of labeled items). Specifically, an RFID system 
is composed of three main components: tags, readers and a back-end database. 
The readers (transceivers) interrogate tags (transponders) to access the infor- 
mation stored in their memory. Afterwards, they pass this acquired information 
to a back-end database which employs it as a search index to allocate all the in- 
formation associated with the target tag. Readers and tags use a radio channel 
for communication, which is commonly assumed to be insecure. On the other 
hand, readers and the back-end database have sufficient power to provide full 
cryptographic security. 

RFID technology presents a lot of advantages and broad applicability.
However, the massive adoption of this technology is delayed due to its
associated security threats [121 HXj. In this paper, we focus on relay
attacks, a type of attack which has been gaining attention recently. For
example, Hlavac and Rosa [15] notice how proximity cards conforming to
ISO/IEC 14443 can be abused by a relay attack exploiting the extended
timeouts in the communication.

2 Related Work 

Generally, a relay attack is a kind of man-in-the-middle attack, in which
an attacker relays messages from an authentic tag to a legitimate reader. If
the attack is successful, the adversary tricks a valid reader into believing that
it is communicating with a valid tag and that this tag is within a particular
physical distance. As an alternative, the signal strength could be used as a
measure for the detection of relay attacks. Nevertheless, this approach is not
effective when the adversary is more sophisticated and transmits with much
more power than expected. Distance bounding protocols were first introduced
by Brands and Chaum to preclude distance fraud and mafia fraud attacks.
The authors proposed a mechanism to infer an upper bound of the distance
between the verifier and the prover by measuring the round trip delay during a
rapid challenge-response bit exchange of n rounds. Around fifteen years later,
Hancke and Kuhn [13] proposed a distance bounding protocol in the context of
RFID technology which may be considered a seminal paper in this research area.
Later, Munilla and Peinado [22] proposed a protocol inspired by [13] in which
the success probability of an adversary to accomplish a mafia fraud attack is
reduced. However, the feasibility of this scheme is questionable since it requires
three physical states {0, 1, void}. Singelee and Preneel [26] proposed a distance
bounding protocol which uses an error correction code to facilitate the
correction of errors (in noisy channels) during the rapid bit exchange.
Nevertheless, this scheme's security and implementation cost on RFID tags are
questioned in [23]. Finally, the above mentioned protocols do not address
terrorist fraud attacks, which can be considered an extension of mafia fraud
attacks. In 2007, Tu and Piramuthu [27] addressed both terrorist and mafia
fraud attacks and proposed an enhancement scheme. The authors used ideas
previously presented in [25] to prevent terrorist attacks. Nevertheless, Kim et
al. [18] noted that Tu and Piramuthu's protocol is vulnerable to a simple active
attack and proposed a new protocol attempting to correct the deficiencies of all
its predecessors.

Figure 1: Distance, Mafia and Terrorist Fraud Attack



Our contribution. In this paper, we analyze the protocol proposed by Kim
et al. [18], which may currently be considered the most secure and efficient
distance bounding protocol in the class of protocols that include a final
signature. However, we show that their protocol presents a vulnerability which
renders it insecure against a passive attack. We need to note here that passive
attacks are much less demanding than active attacks (e.g. mafia and terrorist
fraud attacks) since the attacker only has to eavesdrop on the messages
transmitted on the channel. As a consequence of the passive attack presented
below, the attacker can acquire the full long-term secret key of the tag. We
also provide some guidelines for designing secure and efficient distance
bounding protocols that are resistant to relay attacks and passive
eavesdroppers. Finally, we introduce - and provide a security and performance
analysis of - the Hitomi RFID distance bounding protocol, which complies with
the proposed guidelines and is suitable for constrained devices.



3 Relay Attacks 

When designing an RFID distance bounding protocol three real-time frauds
O 1^ need to be addressed: 1) distance fraud attacks; 2) mafia fraud attacks;
3) terrorist fraud attacks (Fig. 1).

Definition 1 In distance fraud, two entities are involved: the first (the honest
reader R) is not aware of the attack performed by the second party (the fraudulent
tag T). The fraud enables T to convince R of a wrong statement related to its
physical distance to R.

Definition 2 In mafia fraud, three entities are involved: the two first (honest 
tag T and reader R) are not aware of the attack performed by the third party 
(intruder I). The fraud enables I to convince R of an assertion related to the 
private key of T . 

The mafia fraud was first described by Desmedt [10]. In this fraud, the intruder
is modeled as a couple $\{\bar{T}, \bar{R}\}$, where $\bar{T}$ is a dishonest tag
interacting with the honest reader R and $\bar{R}$ is a dishonest reader
interacting with the honest tag T. With the help of $\bar{R}$, R is convinced by
$\bar{T}$ of an assertion related to the private key of T. Specifically, the
assertion consists of the fact that the tag T is within a particular physical
distance.

Definition 3 In terrorist fraud, three entities are involved: the first (the reader
R) is not aware of the attack performed by the two collaborating parties (the
dishonest tag T and the intruder or terrorist tag $\bar{T}$). The fraud enables
$\bar{T}$ to convince R of an assertion related to the private key of T.

This attack can be viewed as an extension of the mafia fraud attack. In this
fraud, the dishonest tag T collaborates with the terrorist tag $\bar{T}$. The
dishonest tag T uses $\bar{T}$ to convince R that it lies in close proximity,
while in fact it does not. Nevertheless, the long-term secret key of T is not
revealed to the terrorist tag $\bar{T}$.

Apart from distance bounding protocols, constrained channel, context sharing,
isolation, unforgeable channel and time of flight are general techniques which
offer complete or partial resistance to relay attacks. In fact, only the isolation
technique offers protection against distance, mafia and terrorist fraud attacks.
We urge the reader to consult ^1 for a complete description of these techniques.

4 Terrorist Fraud Attacks 

This section briefly describes a selection of distance bounding protocols that 
aim to guard against terrorist fraud attacks. The reader is urged to consult 
each cited reference for a detailed description of each approach. 

In [8], Bussard and Bagga addressed the fraud where a malicious prover
and an intruder collaborate to cheat a verifier. A secret sharing strategy is
proposed to combat terrorist fraud attacks. More precisely, the prover picks a
random one-time key a and encrypts its private long-term key x according to
a publicly known symmetric encryption algorithm ($E_a(x)$). The prover then
splits his permanent secret key into two shares by computing $Z^0 := a$ and
$Z^1 := E_a(x)$. Apart from the distance-bounding stage, the whole scheme is
completed by a bit commitment scheme and a proof of knowledge stage based on
public cryptography. The resources (i.e. computation, storage, power
consumption, etc.) needed to support these two stages on-chip render this
approach useless for constrained devices such as low-cost RFID tags.

Reid et al. [25] replaced asymmetric cryptography by symmetric cryptography
in order to facilitate implementation on devices with limited resources
(i.e. sensor networks, RFID tags, etc.). The prover computes a session key
($a := f_x(ID_A, ID_B, r_A, r_B)$), where f denotes a keyed hash function. Finally,
the prover splits his permanent secret key into two shares by computing
$Z^0 := a$ and $Z^1 := a \oplus x$.

Tu and Piramuthu [27] proposed a new protocol arguing that in [25], the
identities of the prover and the verifier are transmitted in clear and thus, can
be easily traced. Nevertheless, Tu and Piramuthu do not take into
consideration that Reid et al.'s protocol is not proposed in the context of RFID
where anonymity and untraceability are a security objective. On the other hand,
they claim - as in [18] - that the probability with which a mafia fraud attack
can occur is bounded by $(7/8)^n$ [23]. This argumentation is completely
incorrect because Tu and Piramuthu conclude this based on the fact that
$f_x(ID_A, ID_B, r_A, r_B)$ and $f_x(ID_A, ID_B, r'_A, r_B)$ only differ in 1/4 of
the bits given that the only argument that changes is $r_A$, while the rest
remain constant. However, at least half of the bits are changing since f is a
keyed hash function (e.g. CBC-MAC or HMAC) as suggested in [25].

Theorem 1 In Reid et al.'s protocol, the probability that a mafia fraud attack
can occur is bounded by $(3/4)^n$ [20].

For a detailed proof of this theorem, the reader is urged to consult 
Although we recommend reading the original paper, we include a sketch proof 
for completeness. 

Sketch Proof An adversary could slightly accelerate the clock signal provided
to the tag and transmit an anticipated challenge $c'_i$ before the reader sends
its challenge $c_i$ to the tag. In half of the cases, these values match, that is
$c'_i = c_i$, and therefore the adversary will have in advance the correct answer
to the reader. In the other half of the cases, the adversary can transmit a
guessed bit, being correct half of the time. So, the adversary has 3/4
probability of answering correctly. Assuming that the success probability at
each round is independent of previous successes, the total probability of
success for an adversary is $(3/4)^n$ for n rounds.

In [18], an active attack against Tu and Piramuthu's protocol is proposed.
The core idea consists of the attacker toggling a bit sent by the reader
in the rapid bit exchange, while leaving the response untouched. The attacker
observes the reader's response and derives a bit of the long term secret key.
To prevent this attack, the message is incorporated by Kim et al. in their
proposed scheme (Fig. 2).

5 Kim et al.'s Distance Bounding Protocol



Kim et al. [18] proposed two authentication protocols: a simple variant and
a more efficient variant. For ease of exposition, we shall only describe the
simpler scheme. The reader should note that our proposed attack is equally
effective against both schemes since they are based on the same assumptions.
The basic protocol (Fig. 2) is composed of three phases:

• Preparation Phase: The RFID reader first chooses a random number
$N_A$ and transmits it to the tag. On receiving it, the tag chooses a random
number $N_B$ and computes a temporary key $a := f_x(C_B, N_B)$, where x
is the permanent secret key and $C_B$ is just a system-wide constant. The
tag then splits its permanent secret key x into two shares by computing
$Z^0 := a$ and $Z^1 := a \oplus x$. Finally, the tag transmits $N_B$ to the reader.

• Rapid Bit Exchange: This phase is repeated n times, with i varying
from 1 to n, and the challenge-response delay is measured for each step.
The reader starts by choosing a random bit $c_i$, initializing the clock to
zero and transmitting $c_i$ to the tag. The values received by the tag are
denoted by $c'_i$. Next, the tag answers by sending $r'_i := Z_i^{c'_i}$. The values
received by the reader are denoted by $r_i$. On receiving $r_i$, the reader stops
the clock and stores the received answer and the delay time $\Delta t_i$.

• Final Phase: The tag computes $t_B := f_x(c'_1, \ldots, c'_n, ID, N_A, N_B)$. On
receiving it, the reader performs an exhaustive search over its tag database
until it finds a pair (ID, x) that matches up with the received value $t_B$.
The reader computes the values $Z^0$ and $Z^1$ and checks the validity of the
responses sent during the rapid bit exchange. If the errors
($err_c + err_r + err_t$) are below a threshold $\tau$, the tag is authenticated.
Finally, in cases in which reader authentication is also demanded, the reader
computes $t_A := f_x(N_B)$ and sends it to the tag.

The authors argue that the security bound against mafia fraud attacks is
$(1/2)^n$. Regarding terrorist fraud attacks, they argue that this is bounded by
$(3/4)^v$ assuming that the adversary knows at least n-v bits of the long-term
secret key. Finally, the authors claim that privacy is guaranteed since no
confidential information is transmitted in the clear. However, Kim et al. are
not aware that the two versions of the protocol, as shown in Sections 6 and 7,
are vulnerable to a passive attack which compromises all the above objectives.

6 A Full Disclosure Passive Attack 

In this section we present a passive attack against Kim et al.'s [18] protocol
which takes advantage of the weak protection mechanism adopted against
terrorist fraud attacks. The described attack is not only applicable to [18] but
it is also exploitable against its two predecessors [25, 27].

Figure 2: Swiss-Knife RFID Distance Bounding Protocol

Assumption 1 Our main assumption is that the random numbers generated 
by a tag do not have a long bit length (i.e. 64 or 80 bits). 

The above assumption has two main justifications: 

• Tag Resources: Low-cost RFID tags have widespread commercial adoption
[5]. Such tags have severe resource constraints and support an on-board
Pseudorandom Number Generator (PRNG) with length 16 or 32
bits (e.g. Gen-2 tags [11]).

• Protocol Description: In the original paper, the authors do not specify
the length of the variables used. However, we can deduce it from how the
messages are built: 1) The long-term secret key x and the temporary key a
have the same bit length due to the use of the bitwise operator in the
computation of $Z^1$. This length is fixed to n and represents the number of bits
exchanged during the rapid bit exchange phase. Thus, we may conclude
that the PRNG function used to generate the temporary key outputs n
bits at each invocation; 2) Besides the temporary key computation, the
tag has to generate a random number ($N_B$ in the protocol description).
For that computation the use of the PRNG function seems the most
convenient option to conform with the demanding hardware restrictions of
the tags.

From 1) and 2), we may conclude that the random number $N_B$ generated
by the tag has the same bit length as the number of bits (n in the
protocol description) transmitted during the rapid bit exchange phase.
Summarizing, if we need to implement the protocol, we can assume that
all the variables in the protocol - long-term secret key x, session key a
and random number $N_B$ - have a length of n bits.

Remark 1 In Kim et al.'s [18] protocol, the correct selection of the parameter
n - number of bits exchanged during the rapid bit exchange phase - determines
the feasibility of the protocol. Although high values of n (i.e. n = 64 or n = 80)
are more secure, they are impractical due to the scarce resources in RFID tags
1^. So, n is restricted to lower values (e.g. 32 bits).

Kim et al. proposed that the tag sends $Z_i^0 := a_i$ or $Z_i^1 := a_i \oplus x_i$ when
receiving the challenge $c_i = 0$ or $c_i = 1$ respectively. Knowing $Z^0$ and $Z^1$
makes it easy to calculate the value of the long-term secret key x, since
$Z^0 \oplus Z^1 = x$. The authors argue that the use of $Z^0$ and $Z^1$ frustrates
terrorist attacks since dishonest tags (T) cannot transmit both values to an
intruder (J). Nevertheless, we show that a passive attacker can discover the
long-term secret key x without requiring any collaboration with T or
alteration/forwarding of the messages transmitted on the channel.
Theorem 2 In Kim et al.'s [18] protocol, a passive attacker can derive the
long-term secret key of the tag (the prover) by eavesdropping on the channel
over multiple executions of the authentication protocol.

Proof Let us suppose that n = 1, meaning that the challenges and responses
transmitted during the rapid bit exchange phase have a length of 1 bit. The
attacker performs the following steps:

1. He eavesdrops one authentication session. He identifies the session by the
random number $N_B$ sent by the tag just before the start of the rapid
bit exchange phase. Then, he stores the bits $\{c_i, r_i\}$ transmitted (in the
clear) during the rapid bit exchange phase.

2. He eavesdrops a new authentication session. If the value $N_B$ is equal to
the value stored in Step 1, then the attacker stores $\{c_i^*, r_i^*\}$ and jumps to
the next step. Otherwise, he repeats this step.

3. He checks whether $c_i$ and $c_i^*$ differ. If $c_i \neq c_i^*$, then
$x_i = r_i \oplus r_i^*$ (i.e. $x_i = a_i \oplus (a_i \oplus x_i) = (a_i \oplus x_i) \oplus a_i$).
Otherwise, Step 2 is repeated.

The generalization of the attack for an arbitrary value n is straightforward: 

1. The attacker eavesdrops one authentication session. He identifies the
session by the random number $N_B$ sent by the tag just before the start of the
rapid bit exchange phase. Then, he stores the bits $\{c_i, r_i\}_{i=1}^{n}$ transmitted
(in the clear) during the rapid bit exchange phase.

2. He eavesdrops a new authentication session. If the value $N_B$ is equal to
the value stored in Step 1, the attacker stores $\{c_i^*, r_i^*\}_{i=1}^{n}$ and jumps to
the next step. Otherwise, he repeats this step.

3. For i = 1 to n, he checks whether $c_i$ and $c_i^*$ differ. If $c_i \neq c_i^*$,
then $x_i = r_i \oplus r_i^*$. The attacker stops when all the bits of x have been
disclosed; otherwise he jumps to Step 2.

Therefore, the attacker is able to disclose the tag's long-term secret key by
eavesdropping on the rapid bit exchange phase of several authentication
sessions. In the next section, we analyze the number of sessions required for a
successful disclosure of the tag's long-term secret key. This depends on both
the number of challenge-response bits n transmitted during the rapid bit
exchange phase and the channel bit error (Bit Error Rate - BER). We should note
here that the presented attack is the most harmful attack that a tag can suffer
since its success enables compromises (i.e. of privacy, traceability) and
further attacks (i.e. mafia and terrorist fraud attacks, etc.).

7 Experimental Results 

In this section, we calculate the number of sessions that need to be eavesdropped
for a successful attack. We start by considering the simple scenario in which
there are no transmission errors in the channel. Then, we adopt a more realistic
approach and consider that transmission errors can occur both in the backward
(tag-to-reader) and in the forward channel (reader-to-tag).

7.1 Ideal Communication Channel 

We could start by directly implementing the attack presented in the above
section. However, this attack is not very efficient since the average number of
sessions required to see the same random number $N_B$ is $2^n$, where n is the bit
length of the variable $N_B$. It is important to note that the efficiency of the
attack can be increased dramatically if, instead of focusing on a unique random
number $N_B$, we use information from all of the eavesdropped sessions. We are
actually creating a dictionary. This dictionary stores the random number $N_B$
of each session. The bits $\{c_i, r_i\}_{i=1}^{n}$ transmitted on the channel during the
rapid bit exchange represent the meaning of each word $N_B$. The complete
procedure followed by the attacker is given in detail below:

1. He initializes the meaning of the words in the dictionary to the null value
(i.e. $\forall N_B$, dictionary[$N_B$] = null).

2. He eavesdrops one session of the authentication protocol. He identifies the
session by the random number $N_B$ sent by the tag:

(a) He checks if the word $N_B$ exists in the dictionary. If it is not
registered, he stores the bits transmitted on the channel during the
rapid bit exchange (i.e. dictionary[$N_B$] = $\{c_i, r_i\}_{i=1}^{n}$). Otherwise, he
jumps to the next step.

(b) He obtains the meaning of the word $N_B$ stored in the dictionary (i.e.
dictionary[$N_B$] = $\{c_i^*, r_i^*\}_{i=1}^{n}$).

(c) He compares the new value eavesdropped with the value stored: For
i = 1 to n, he checks whether $c_i$ and $c_i^*$ differ. If
$c_i \neq c_i^*$, then $x_i = r_i \oplus r_i^*$.

(d) He checks if all the bits of x are obtained. If that is the case, he
stops the loop. Otherwise, he updates the meaning of the word $N_B$
with the new eavesdropped value and jumps to Step 2. The reader
should note that a list of all the values (meanings $\{c_i, r_i\}_{i=1}^{n}$) of each
word $N_B$ could be maintained but this would increase the storage
demands significantly. To increase performance, we only store the
last value at the expense of losing some effectiveness.

We performed the above simulation for different numbers (n = {8, 10, 12, ...,
30}) of challenge-response bits transmitted during the rapid bit exchange. In
fact, for a fixed value n, we repeat the simulation 2^^ times to obtain an average
value. The results are presented in Fig. 3. As shown in this figure, the number
of eavesdropped sessions increases when the number of bits transmitted during
the rapid bit exchange increases. For example, 3,310 and 99,526 eavesdropped
sessions are required for n = 20 and n = 30 respectively.
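
The dictionary procedure of Section 7.1, as an added simulation that is not code from the paper: HMAC-SHA256 truncated to n bits stands in for $f_x$, and `C_B`'s value, `tag_sessions`, `recover_key`, `sessions_needed` and the `nonce_bits` parameter are assumptions made for this example. It models only the values sent in the clear on an error-free channel, and it also runs the same procedure with a 64-bit $N_B$ to show how Assumption 1 (short tag nonces) is what makes the leak reachable.

```python
import hashlib
import hmac
import random
from itertools import islice

C_B = 0x5A  # system-wide constant C_B (value constructed for this example)


def f(x: int, n: int, *parts: int) -> int:
    """Keyed hash f_x truncated to n bits (HMAC-SHA256 is an assumed stand-in)."""
    key = x.to_bytes((n + 7) // 8, "big")
    msg = b"|".join(str(p).encode() for p in parts)
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") & ((1 << n) - 1)


def tag_sessions(x: int, n: int, rng: random.Random, nonce_bits=None):
    """Yield the values an eavesdropper sees per session: (N_B, c, r).

    c and r pack the n challenge and response bits into integers.
    """
    nonce_bits = n if nonce_bits is None else nonce_bits
    while True:
        n_b = rng.getrandbits(nonce_bits)   # tag nonce, sent in the clear
        a = f(x, n, C_B, n_b)               # temporary key a := f_x(C_B, N_B)
        z0, z1 = a, a ^ x                   # shares Z^0 := a, Z^1 := a XOR x
        c = rng.getrandbits(n)              # reader challenges c_1..c_n
        r = (z0 & ~c) | (z1 & c)            # r_i = Z^0_i if c_i = 0 else Z^1_i
        yield n_b, c, r


def recover_key(sessions, n: int):
    """Dictionary procedure of Section 7.1 on an error-free channel.

    Returns (x, sessions_used), or (None, sessions_used) if the supplied
    sessions never exposed every bit of x.
    """
    full = (1 << n) - 1
    dictionary = {}                         # N_B -> last (c, r) seen for it
    key = known = used = 0
    for used, (n_b, c, r) in enumerate(sessions, 1):
        stored = dictionary.get(n_b)
        if stored is not None:
            c_old, r_old = stored
            diff = c ^ c_old                # rounds where c_i != c_i*
            key = (key & ~diff) | ((r ^ r_old) & diff)  # x_i = r_i XOR r_i*
            known |= diff
            if known == full:
                return key, used
        dictionary[n_b] = (c, r)            # keep only the last value
    return None, used


def sessions_needed(n: int, seed: int, nonce_bits=None, limit=200_000):
    """One trial with a random n-bit key; returns (recovered_ok, sessions)."""
    rng = random.Random(seed)
    x = rng.getrandbits(n)
    stream = islice(tag_sessions(x, n, rng, nonce_bits), limit)
    key, used = recover_key(stream, n)
    return key == x, used


if __name__ == "__main__":
    for n in (8, 12, 16):
        trials = [sessions_needed(n, seed)[1] for seed in range(20)]
        mean = sum(trials) / len(trials)
        print(f"n={n:2d}  N_B={n} bits  mean sessions: {mean:.0f}")
    ok, used = sessions_needed(16, seed=0, nonce_bits=64, limit=20_000)
    print(f"n=16  N_B=64 bits  key recovered within {used} sessions: {ok}")
```

With a nonce as short as n, repeated $N_B$ values reuse the same temporary key a, so both shares of a bit eventually appear in the clear; with a 64-bit nonce no $N_B$ repeats in the sessions observed and nothing is recovered.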

Figure 3: Number of Eavesdropped Sessions (BER = 0.0)

7.2 Real Communication Channel

In this section we consider that errors can appear in the channel. More
precisely, we assume that errors are possible both in the backward and the
forward channel. We assume that the errors are independent of each other and
that the error probability is constant for all bits. Therefore, the channel
(forward or backward) produces a bit error with probability q.

Remark 2 In this section we use the knowledge of the long-term secret key
for two main purposes. Firstly, we estimate the probability of success for an
adversary that follows the same approach as that in Section 7.1 (ideal
communication channel). Secondly, we reckon the average number of eavesdropped
sessions required by an adversary for recovering p*n bits of the secret key. The
parameters p and n represent the percentage of bits that are recovered correctly
and the bit length of the secret key respectively.

The adversary, who does not know the long-term secret key, should eavesdrop
a number of sessions greater than or equal to the number obtained in the
experiments described in this section to successfully perform his attack.

We repeat the experiments described in the previous section but this time
with the introduction of errors. Due to the errors, the probability of success is
not 100%. That implies that some of the bits guessed may be incorrect. Thus,
if one or more bits of the key are incorrect, we consider this experiment (attack)
unsuccessful and only when the whole key is revealed a success is scored. Fig.
4 depicts the results of our simulations. We can observe that the probability of
success is over 80% when the Bit Error Rate (BER) is 10"'^. On the contrary,
when the BER is extremely high (BER = 0.015), the probability of success
declines exponentially as we increase the number of bits transmitted during the
rapid bit exchange.

Figure 4: Adversary's Success Probability

However, the above attack can be made twice as effective, by increasing the 
number of sessions that need to be eavesdropped. For a particular probability of 
success p, we can estimate the average number of required eavesdropped sessions 
by means of the experiment explained below. In fact, the probability p can be 
interpreted as the percentage of bits that coincided between the searched key 
and the estimated key. The complete procedure followed by the attacker is given 
in detail below: 

1. He initializes the meaning of the words in the dictionary (i.e. $\forall N_B$,
dictionary[$N_B$] = null), as well as the list of possible keys, to the null
value.

2. He eavesdrops one session of the authentication protocol. Each session is
identified by the random number $N_B$ sent by the tag.

(a) The attacker checks if the word $N_B$ exists in the dictionary. If it is not
registered, he stores the bits transmitted on the channel during the
rapid bit exchange (i.e. dictionary[$N_B$] = $\{c_i, r_i\}_{i=1}^{n}$). Otherwise,
he jumps to the next step.

(b) He obtains the meaning of the word $N_B$ stored in the dictionary (i.e.
dictionary[$N_B$] = $\{c_i^*, r_i^*\}_{i=1}^{n}$).

(c) He compares the new eavesdropped value with the value stored: For
i = 1 to n, he checks whether $c_i$ and $c_i^*$ differ. If
$c_i \neq c_i^*$, then $x_i = r_i \oplus r_i^*$.

(d) He checks if all the bits of x are already disclosed. If they are, he
stops the loop and jumps to Step 3. Otherwise, he updates the
meaning of the word with the new eavesdropped value and jumps to
Step 2.

3. Key searching:

(a) The attacker stores the new key in the list of possible keys.

(b) He derives the most common value that appears in the list of possible
keys.

(c) He compares the most common value of the key (derived from the
previous step) with the pursued key (see Remark 1). If the difference
(in bits) between these two values is lower than p*n, the whole process
stops. Otherwise, he jumps to Step 2 again.

Figure 5: Number of Eavesdropped Sessions (p = 1 and p = 0.9)

We perform a careful study of the number of sessions required, by following 
the above experimental procedure. As previously, we perform 2^^ independent 
trials to obtain an average value. Fig. 4-6 summarize the results obtained. 

Fig. 5 depicts the number of sessions required for p = 1 and p = 0.9. By
comparing these results, we observe that the number of sessions is increased
by an order of magnitude when the percentage of recovered bits of the key is
increased from 90% to 100%. For p = 0.9, the influence of errors in the channel
is only slightly noticeable when the BER is extremely high. However, for p = 1,
the effect of the BER is marked. As expected, the number of required sessions
increases when the number of challenge-response bits transmitted during the
rapid bit exchange rises and/or the number of errors in the channel (BER)
increases.

Fig. 6 depicts the number of required eavesdropped sessions for very noisy
channels. Specifically, we show how the number of required eavesdropped
sessions changes as the number of bits increases for probability p
(p = {0.6, 0.7, 0.8, 0.9}) and BER values (BER = 0.03 or BER = 0.06). For a
moderately high BER = 0.03, there is no significant difference between the
number of sessions required for recovering a part of the key (i.e. 60-70%) or
almost the whole key (i.e. 90%). On the contrary, this difference is evident for
higher BER (i.e. 0.06 in Fig. 6). From these figures we conclude that when the
BER is low, the additional effort required to obtain a larger percentage of the
key is small.

Figure 6: Number of Eavesdropped Sessions (BER = 0.03 and BER = 0.06)

The effect of noise becomes clearer in Fig. 7, which shows the number of
required eavesdropped sessions to fully obtain the key (p = 1), versus the
number of bits in the bit exchange phase, for three different BER values (BER =
{0.03, 0.06, 0.09}). As a rule of thumb, we observe that when the BER is twice
as much as was previously simulated, the number of required sessions is
multiplied at least by a factor of three. Nevertheless, even for an extremely
high BER = 0.03, the number of required eavesdropped sessions is lower than the
number of attempts that an adversary would need to perform a brute force
attack^ (i.e.

^ of Required Sessions ^ -i \ 



Remark 3 As we already mentioned before, the feasibility of the described at- 
tack is significantly superior to that of a brute force attack. As a rule of thumb, 
2? << 2", where n represents the number of challenge-response bits transmitted 
during the rapid bit exchange phase. On the other hand, we are aware of the 
main drawback of this passive attack. Specifically, the attack requires the tag to 
be engaged in many sessions; something that is not required for the brute force 
attack. 

^If the number of bits transmitted during the rapid bit exchange phase is n, then the 
attacker has to guess a word of n bits. 

Figure 7: Number of Eavesdropped Sessions (BER = {0.03, 0.06, 0.09})

Remark 4 In [1] a formal framework to cryptanalyse distance bounding
protocols is presented. According to this proposal, our attack can be classified
as a "no-ask" strategy since the adversary does not interact at all with the
prover during the attack.



8 Design Guidelines 

In this section we describe the standard procedures that protocol designers 
should consider to propose a secure and efficient RFID protocol against relay 
attacks. This is the first time - to the best of our knowledge - that a complete 
set of guidelines is presented. Our work complements the formal framework 
for cryptanalyzing distance-bounding protocols proposed by Avoine et al. [1].
Particularly, we focus on distance-bounding protocols in which the RFID reader 
(prover) sends a single-bit challenge and the tag (verifier) replies with a rapid 
single-bit response. The above procedure is repeated n times, where n repre- 
sents a security parameter. Finally, the reader computes an upper-bound of the 
distance between both entities by measuring the delay time between the chal- 
lenges and responses, which is based on the fact that messages cannot propagate 
faster than light. We emphasize that the tag should send its answer immediately 
after receiving a challenge from the reader for the bound to be tight. 

8.1 Distance Fraud Attacks 

A distance fraud attack is possible when there is no relationship between the
challenge bits and the response bits exchanged during the distance verification.
If a fraudulent tag T knows when the challenge bits will be sent, it can trick
the reader R by sending the response bits before receiving the challenge bits.
Thus, R computes a wrong upper bound regarding its physical distance to T. To
resolve this problem, we present three solutions. Of those, we mostly recommend
the third as it is the most feasible.

• Solution A: The RFID reader sends challenge bits at randomly chosen
times. Due to this countermeasure, T cannot send response bits before he
has received the challenge bits, as T cannot predict when the reader will
expect a response. Brands and Chaum [7] suggested that it is sufficient
for R to send its response randomly at one of two discrete times (i.e. each
3i or 3i + 1 clock cycles). This strategy has a success probability of
$(1/2)^n$ if the selection of discrete times is random.

• Solution B: The RFID reader can use void challenges [22] to detect
that T is not waiting to receive the challenge bits. A void challenge is
a challenge which the reader intentionally leaves without sending. That
is, the challenge bits $c_i$ sent by the reader can take three different values
{0, 1, void}. If the reader detects that a response bit is received during the
interval of a void challenge, the dishonest tag T is detected. As previously,
the strategy has a success probability of $(1/2)^n$. Note that the inclusion of
void challenges is equivalent to transmitting the challenge bits $c_i$ = {0, 1}
at randomly chosen times.

• Solution C: The tag T must select its response depending on the
challenge sent by the reader R. A possible scheme is presented below:

— Step 1: R generates at random n bits $c_i$.

— Step 2: T generates at random n bits $m_i$ and commits these bits
using a secure commitment scheme (i.e. commit($m_1, ..., m_n$)).^

— Step 3: The rapid bit exchange phase can start. This phase is
repeated n times, with i varying from 1 to n, and the challenge-response
delay is measured for each step:

* R sends the bit $c_i$ to T and initializes the clock to zero.

* T sends the bit $r_i = c_i \oplus m_i$ immediately after he receives $c_i$.

* On receiving $r_i$, R stops the clock and stores the delay time.

— Step 4: T opens the commitment and R verifies whether
$\{c_i \oplus r_i\}_{i=1}^{n}$ equals $\{m_i\}_{i=1}^{n}$. If so, R computes an
upper bound on the distance to T using the maximum of the measured delay times.

Similarly to solution A the success probability for an adversary is at most 

Theorem 3 If an RFID tag is not in close proximity to an RFID reader then,
independently of the selected strategy {A, B, C} to avoid distance frauds, the
success probability for an adversary to launch a distance fraud attack is at most

^As an alternative solution, Brands and Chaum [7] suggested to create a public bit string
{$m_1, ..., m_n$}, where the choice of bits $m_i$ is irrelevant.
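The bit-level check of Solution C, as an added example that is not code from the paper: the reader accepts only if every $c_i \oplus r_i$ matches the committed $m_i$, so a tag that transmits before seeing the challenge passes for exactly one of the $2^n$ challenge strings. SHA-256 as the commitment scheme and all function names are assumptions; timing is not modelled.

```python
import hashlib
import secrets
from itertools import product


def commit(m_bits, opening):
    """Commit to the bit string m. SHA-256 over (opening || m) is an assumed
    stand-in for the 'secure commitment scheme' of Step 2."""
    return hashlib.sha256(opening + bytes(m_bits)).digest()


def honest_tag_responses(c_bits, m_bits):
    """Step 3, honest tag: r_i = c_i XOR m_i, computed after c_i arrives."""
    return [c ^ m for c, m in zip(c_bits, m_bits)]


def early_tag_responses(guessed_c, m_bits):
    """A tag that transmits before c_i arrives can only use a guess of c_i."""
    return [g ^ m for g, m in zip(guessed_c, m_bits)]


def reader_accepts(c_bits, r_bits, commitment, m_opened, opening):
    """Step 4: the opening must match the commitment made before the exchange,
    and c_i XOR r_i must equal m_i in every round."""
    if commit(m_opened, opening) != commitment:
        return False
    return all((c ^ r) == m for c, r, m in zip(c_bits, r_bits, m_opened))


def accepted_challenge_strings(n, early):
    """Enumerate all 2^n challenge strings against one committed m and count
    how many the reader accepts, for an honest or an early-responding tag."""
    m_bits = [secrets.randbits(1) for _ in range(n)]
    opening = secrets.token_bytes(16)
    commitment = commit(m_bits, opening)
    guess = [secrets.randbits(1) for _ in range(n)]
    accepted = 0
    for c in product((0, 1), repeat=n):
        c_bits = list(c)
        if early:
            r_bits = early_tag_responses(guess, m_bits)  # independent of c
        else:
            r_bits = honest_tag_responses(c_bits, m_bits)
        accepted += reader_accepts(c_bits, r_bits, commitment, m_bits, opening)
    return accepted


def swapped_opening_rejected(n):
    """After a wrong guess the tag cannot repair the run by opening a
    different m: the commitment no longer matches."""
    m_bits = [secrets.randbits(1) for _ in range(n)]
    opening = secrets.token_bytes(16)
    commitment = commit(m_bits, opening)
    guess = [secrets.randbits(1) for _ in range(n)]
    c_bits = list(guess)
    c_bits[0] ^= 1                                   # reader's challenge differs in round 1
    r_bits = early_tag_responses(guess, m_bits)
    forged_m = [c ^ r for c, r in zip(c_bits, r_bits)]
    return not reader_accepts(c_bits, r_bits, commitment, forged_m, opening)


if __name__ == "__main__":
    n = 8
    print("honest tag accepted for", accepted_challenge_strings(n, False), "of", 2 ** n)
    print("early tag accepted for", accepted_challenge_strings(n, True), "of", 2 ** n)
    print("forged opening rejected:", swapped_opening_rejected(n))
```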
8.2 Mafia Fraud Attacks

Hancke and Kuhn [13] proposed a distance bounding protocol which incorporates
the use of a rapid bit exchange phase. In this protocol, the probability with
which a mafia attack can succeed is bounded by $(3/4)^n$ [37]. However,
this probability is higher than the optimal value $(1/2)^n$. To achieve this
optimal value, as suggested in [THl [7], the tag has to sign or encrypt the bits
sent back and forth during the rapid bit exchange. A possible scheme is
presented below, where R and T denote the reader and the tag respectively.

• Step 1: R generates at random n bits 

• Step 2: T generates at random n bits r^. 

• Step 3: The rapid bit exchange phase can start. This phase is repeated 
n times, with i varying from 1 to n, and the challenge-response delay is 
measured for each step: 

— R sends $c_i$ to T and initializes the clock to zero.

— T sends the bit $r_i = c_i \oplus m_i$ to the reader R immediately after he
receives $c_i$.

— On receiving $r_i$, R stops the clock and stores the received value and
the delay time.

• Step 4: T concatenates the challenges and responses to create a message
{$c_1||c_2||...||c_n||r_1||r_2||...||r_n$} of length 2n. Then, he signs or encrypts the
resulting message, and sends the result to R.

The reader R determines an upper bound on the distance to the tag using the
maximum of the delay times measured. Finally, he accepts this value
once the correctness of the challenge-response bits has been checked by using
the last encrypted/signed message.

Theorem 4 If the signature / encryption scheme is secure and the tag is not in
physical proximity to the reader, an adversary has a success probability upper
bounded by $(1/2)^n$ IM\^-

The main drawback of using a final signature at the end of the protocol is
the fact that this message has to be sent using a normal communication method
with an error detection or correction technique [17]. The execution time of the
whole protocol is thus increased in comparison with protocols that omit this
last message. However, the existing alternatives (void-challenges [22],
predefined challenges [T7], tree-based approach .^3, and multistate enhancement
P]) have other relevant drawbacks such as excessive memory requirements and
performance problems (i.e. complex coding schemes and greater bandwidth
requirements).
8.3 Terrorist Fraud Attacks



Bussard [H [9] suggested a mechanism through which it is impossible to mount
a successful terrorist fraud attack unless the attacker discloses the private key
in some way. Although Bussard's scheme is correct, it cannot be applied to
devices with limited resources since it relies on public key cryptography. Some
alternatives have been proposed in the context of low-cost RFID tags but all of
them are vulnerable to a full disclosure attack conducted by a passive attacker,
as shown in Sections 6 and 7. As a solution, we present two schemes that offer
protection against terrorist attacks and conform to the requirements of severely
resource constrained devices such as RFID tags. Case A assumes that tags
support an encryption function (E) [HI [H] and a Pseudo-Random Function -
PRF (f) [19]. In case B, tags only have a PRF and can compute simple bitwise
operations. These two schemes are described below, where the long-term secret
key of the tag is denoted by x:

1. Preparation Phase: The tag computes a temporary key (e.g. $a =
f_x(N_R, N_T, W)$), where $N_{R/T}$ denotes a random number generated by the
reader (R) / tag (T) and W represents any additional parameter. The tag
then splits its permanent secret key x into two shares by computing:

- Case A: $Z^0 := a$ and $Z^1 := E_a(x)$.

- Case B: $Z^0 := a$ and $Z^1 := f_a(N'_T, W) \oplus x$.

$N'_T$ denotes a random number generated by T and W any extra
parameter respectively.

2. Rapid Bit Exchange: This phase is repeated n times, with i varying
from 1 to n. At every step i, we measure the challenge-response delay
time.

• Step 1: R generates a random bit $c_i$, initializes the clock to zero
and transmits $c_i$ to T.

• Step 2: T sends the bit $r_i := Z_i^{c_i}$ to the reader R immediately after
he receives $c_i$.

• Step 3: On receiving $r_i$, R stops the clock and stores the delay time.

Theorem 5 If a secure encryption function and/or a pseudo-random function
is used, the probability with which a terrorist fraud attack can succeed is bounded
by $(3/4)^v$, when n − v bits of the long-term secret key are revealed from the
dishonest tag T to the terrorist tag.

Proof Let us suppose that the attacker knows n − v bits of the secret key.
Additionally, we can assume the worst case scenario in which the dishonest tag
T transmits the whole n bits of $Z^0$ or $Z^1$ to the terrorist tag. In this
situation and during the rapid bit exchange, the terrorist tag may reply
incorrectly for any of the v (from a total of n) bits for which it has not
obtained the corresponding secret key bits. For those cases, in half of the
times it receives $c_i = 0$ and therefore knows the response in advance, as
$Z^0$ was completely revealed. In the other half of the cases ($c_i = 1$), it
can send a guessed bit, which is correct half of the times (in the worst case).
Thus, the adversary has 3/4 probability of answering correctly. Finally,
assuming that the success probability at each round is independent of previous
successes, the total probability of success is upper bounded by $(3/4)^v$, in
case n − v bits of the secret key are revealed.

8.4 Dictionary Attack 

As a consequence of splitting the key to offer protection against terrorist attacks,
a dictionary attack may be conducted by a passive attacker as presented in
Sections 6 and 7. In this attack, the adversary takes advantage of observing
multiple sessions in which the same temporary key - random numbers associated
to the current session - is used. Specifically, the feasibility of the proposed
attack is due to the bit length of the random numbers generated by the tags.
In standard cryptography, bit lengths of 64 or 80 bits are used. However, in
limited devices (i.e. low-cost RFID tags, sensor nodes, etc.), the bit length of
variables is drastically reduced due to resource constraints. Thus, the usage of
several temporary keys and random numbers of small bit length - associated to
each session - is necessary to thwart this kind of attack.

9 The Hitomi RFID Distance Bounding Protocol

In this section, a new RFID distance bounding protocol is presented. The
proposed protocol follows the guidelines described in the previous section and
attempts to offer resistance to the most common attacks (i.e. distance fraud,
mafia fraud, terrorist fraud and dictionary attacks). Our proposal is not ex
nihilo, but inspired by the Swiss-Knife RFID distance bounding protocol [18].
The organization of this section is as follows. First, a description and analysis
of the protocol is presented. Then, we perform a study of the threshold/errors
defined in the final phase of the protocol. These errors are similar to those
defined in the original scheme but a rigorous analysis of these values is missing
from the original proposal.

9.1 The Protocol 

The tag and the reader share a long-term secret key x and each tag has a unique
identifier ID. The tags support a Pseudo-Random Function - PRF (f) - and can
perform bitwise operations. To avoid ambiguity, we assume that all
the variables have the same bit length, which is fixed by the number of
challenge-response bits transmitted during the rapid bit exchange phase and
denoted by n. The messages exchanged in the different phases (i.e. preparation
phase, rapid bit exchange phase and final phase) of the protocol (Fig. 8) are
described below.
Figure 8: Hitomi RFID Distance Bounding Protocol
• Preparation Phase: The protocol starts with a preparation phase that
involves invocations of the PRF, random number generations and the
computation of several bitwise operations.

- The reader chooses a random nonce $N_R$ and transmits it to the tag.

- The tag chooses three random numbers {$N_{T_1}, N_{T_2}, N_{T_3}$}. Then, it
computes the temporary keys {a, b} as described below:

$a := f_x(N_R, N_{T_1}, W)$

$b := f_a(N_{T_2}, N_{T_3}, W')$

where W and W' represent any extra parameters.

Then, the tag splits its permanent secret key x into two shares by

computing:



Finally, the tag transmits {$N_{T_1}, N_{T_2}, N_{T_3}$} and {W, W'} to the reader.

• Rapid Bit Exchange Phase: This phase is repeated for n rounds. At
the i-th round, we measure the challenge-response delay time.

- R generates a random bit $c_i$, initializes the clock to zero and sends
$c_i$ to T. We denote by $c'_i$ the value received by the tag, which may
differ from $c_i$ due to errors or alterations in the channel.

- T sends the bit $r'_i := Z_i^{c'_i}$ to the reader immediately after receiving
$c'_i$. Similarly, we denote by $r_i$ the value received by the reader.

- On receiving $r_i$, R stops the clock and stores the delay time.

• Final Phase: The tag concatenates the challenge and response bits to
obtain m = {$c'_1||c'_2||...||c'_n||r'_1||r'_2||...||r'_n$}, where m's length is
equal to 2n bits. Then, it computes $t_B$ by ciphering the concatenation of m,
the tag identifier ID and the random numbers involved in the preparation phase.

$t_B := f_x(m, ID, N_R, N_{T_1}, N_{T_2}, N_{T_3})$

Finally, the tag sends the pair {$t_B$, m} to the reader. The reader checks
the correctness of the values received:

- The reader performs an exhaustive search in its database until a
match between a pair {ID, x} and $t_B$ is found.

- The reader computes a local version of the temporary keys {a, b}.

- The reader checks the validity of the responses received during the
rapid bit exchange. Specifically:

* $err_c$: it counts the number of times that $c_i \neq c'_i$.

* $err_r$: it counts the number of times that $c_i = c'_i$ but $r_i \neq Z_i^{c_i}$.

* $err_t$: it counts the number of times that $c_i = c'_i$ but the response
delay $\Delta t_i$ is above a defined time threshold $t_{max}$.

* Finally, it checks if $err_c + err_r + err_t$ is below a fault tolerance
threshold $\tau$. If not, the protocol is aborted.

- In those cases in which reader authentication is demanded, a final
message is exchanged. The reader computes $t_A := f_x(N_R, b)$ and
transmits it to the tag. Once the tag checks its correctness, the two
entities are mutually authenticated.
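The reader's error accounting from the final phase, as an added example that is not code from the paper: it counts err_c, err_r and err_t over one session transcript and accepts only when their sum is below the threshold. The register contents Z0/Z1, the challenge string, the delays, t_max and the threshold value are all constructed sample data, and the function names are assumptions.

```python
from dataclasses import dataclass

SPEED_OF_LIGHT_M_PER_S = 299_792_458


def distance_upper_bound_m(delay_s):
    """A round trip cannot be faster than light: d <= c * delay / 2."""
    return SPEED_OF_LIGHT_M_PER_S * delay_s / 2


@dataclass
class Verdict:
    err_c: int
    err_r: int
    err_t: int
    accepted: bool


def tag_responses(c_tag, z0, z1):
    """Tag side: r'_i is bit i of Z^1 if the received challenge is 1, else of Z^0."""
    return [z1[i] if c else z0[i] for i, c in enumerate(c_tag)]


def final_phase_check(c, c_tag, r, delays, z0, z1, t_max, tau):
    """Reader side. c: challenges sent; c_tag: challenges the tag reports in m;
    r: responses received; delays: measured round-trip times in seconds."""
    err_c = err_r = err_t = 0
    for i, (ci, cti) in enumerate(zip(c, c_tag)):
        if ci != cti:
            err_c += 1            # challenge corrupted on the way to the tag
            continue              # err_r and err_t only count rounds with c_i = c'_i
        expected = z1[i] if ci else z0[i]
        if r[i] != expected:
            err_r += 1
        if delays[i] > t_max:
            err_t += 1
    accepted = (err_c + err_r + err_t) < tau
    return Verdict(err_c, err_r, err_t, accepted)


# Constructed sample data (n = 16); real registers come from the preparation phase.
Z0 = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 0]
Z1 = [0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1, 0, 1, 0, 0]
C = [0, 1, 1, 0, 1, 1, 0, 0, 1, 0, 1, 0, 1, 1, 0, 1]
T_MAX = 40e-9      # constructed: 40 ns round trip, about 6 m
TAU = 5            # constructed fault tolerance threshold


def flipped(bits, index):
    out = list(bits)
    out[index] ^= 1
    return out


def demo_honest_noisy():
    """Nearby tag, three noisy rounds: one flipped challenge, one flipped
    response, one late response."""
    c_tag = flipped(C, 3)
    r = flipped(tag_responses(c_tag, Z0, Z1), 9)
    delays = [20e-9] * 16
    delays[12] = 70e-9
    return final_phase_check(C, c_tag, r, delays, Z0, Z1, T_MAX, TAU)


def demo_relayed():
    """Every bit is correct but each round trip takes 400 ns: err_t alone rejects."""
    r = tag_responses(C, Z0, Z1)
    return final_phase_check(C, C, r, [400e-9] * 16, Z0, Z1, T_MAX, TAU)


if __name__ == "__main__":
    print(demo_honest_noisy())
    print(demo_relayed())
    print(round(distance_upper_bound_m(T_MAX), 2), "m")
```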

The protocol provides mutual authentication between the tag (prover)
and the reader (verifier). In fact, the Swiss-Knife and consequently the Hitomi
protocol both inherit the security properties of the MAP1 scheme [H [T2] on
which these proposals are based. For a detailed description of those security
properties the reader is urged to consult [U [12].

In order to guarantee privacy protection, we avoid transmitting identifiers in
plain-text. More precisely, the tag transmits its identifier after the completion
of the rapid bit exchange phase. This identifier is anonymized since it is
incorporated in the computation of $t_B$, which is based on the usage of the PRF
and the whole collection of nonces linked to the current session. A traceability
attack using previous protocol executions is not possible since the values
transmitted in the clear are either random numbers or the output of the PRF,
which includes the above mentioned nonces as inputs. A disadvantage of this
solution is that the reader has to conduct an exhaustive search in the back-end
database to retrieve the identity of the tag. However, there is no known
alternative method that offers this level of security [TS].

The Hitomi protocol, as defined, complies with the guidelines presented in
Section 8. We adopt Solution C (Section 8.1) to thwart distance fraud while
attempting to optimize the performance of the proposed
scheme. Although Solutions A and B are as effective in thwarting distance fraud
attacks as Solution C, their implementation is more complicated. Furthermore,
we employ a final signature - a signed message $t_B$ containing the received and
sent challenges - to hinder mafia fraud attacks. We have not examined other
approaches such as void-challenges and predefined challenges, since we focus on
protocol simplicity and communication efficiency.

Corollary 1 Based on Theorems 3 and 4, the success probability of a mafia
and distance fraud attack against the Hitomi RFID distance bounding protocol
is upper bounded by $(1/2)^n$.

The secret key x is split into two parts {$Z^0, Z^1$} to combat terrorist attacks.
Basically, the above construction represents a secret sharing strategy. Each time
the tag is interrogated ($c_i$) in the rapid bit exchange phase, the tag discloses
only one part of each bit ($Z_i^{c_i}$). Thus, no information on the secret key x
is revealed through the response bits $r_i$. Additionally, there is a non-linear
relation between ($Z^0$) and ($Z^1$), in contrast with what happens in previous
proposals [HllTlllS] in which $x_i = Z_i^0 \oplus Z_i^1$.

Corollary 2 Due to Theorem 5 and assuming that a secure pseudo-random
function f is used, the success probability of a terrorist fraud attack against the
Hitomi RFID distance bounding protocol is upper bounded by $(3/4)^v$, when n − v
bits of the long-term secret key are revealed from the dishonest tag T to the
terrorist tag.

Remark 5 If we follow the strategy introduced in Section^^ against the Hitomi
protocol, the dictionary attack has a significantly higher complexity due to two
main reasons. Firstly, three n-bit random numbers {$N_{T_1}, N_{T_2}, N_{T_3}$} take part
in the generation of the session keys {a, b}. Secondly, the adversary has to
eavesdrop two sessions in which Ci = c* V i € This last condition is 

due to the fact that $Z^0 \oplus Z^1 \neq x$ in our proposed scheme. Summarizing, the
attacker has to eavesdrop two sessions in which four nonces have the same value
respectively. If we assume that the attacker is active, then he can choose the
challenge sent by the reader (adversary) during the rapid bit exchange phase but
he has no control over the three random numbers generated by the tag. So, the
number of sessions N - from the birthday paradox - that an adversary has to
eavesdrop to conduct a successful dictionary attack is:



V 1-p 

where n represents the bit length of the random numbers and p is the proba- 
bility of listening two sessions with the same three random numbers. 

Finally, we present a performance comparison of the most well-known existing
distance bounding protocols that attempt to offer resistance against both
mafia and terrorist fraud attacks. Table 1 summarizes our assessment. Firstly,
in Table 1 (A), we indicate if these protocols are vulnerable to any of these
frauds. In case they are, we give the corresponding success probability for an
adversary, that is, the probability that an adversary deceives a valid reader
into believing that it is communicating with a valid tag and that this tag is
within a particular physical distance. This probability commonly appears in the
literature as the False Acceptance Ratio (FAR). More precisely, M-FAR and
T-FAR represent the false acceptance ratio against mafia and terrorist fraud
attacks respectively. The columns Mafia and Terrorist show whether the defence
against each of these attacks is an objective of the protocol.

In Table 1 (B), we first indicate which protocols have a mechanism
for handling errors ("Error resistance" column). This is an issue that
must be addressed explicitly, since the challenge-response bits transmitted in
the rapid bit exchange phase are sensitive to channel errors. Secondly, we
indicate whether the protocols include privacy protection measures ("Privacy"
column). It is easy to see that the majority of the proposals put the privacy
of tag holders at stake due to two main reasons: 1) tags/readers transmit in
Table 1: Performance Comparison of distance bounding protocols

Protocol               | Mafia | M-FAR | Terrorist | T-FAR
Brands & Chaum [7]     | Yes   |       | No        |
Hancke & Kuhn [13]     | Yes   |       | No        |
Reid et al. [25]‡      | No    |       | No        |
Tu & Piramuthu [27]‡   | No    |       | No        |
Swiss-Knife [18]‡      | No    |       | No        |
Hitomi                 | Yes   |       | Yes       |

Table 1 (A)

Protocol               | Err. resis. | Privacy | M. Authen. | # Op.  | # Nonces
Brands & Chaum [7]     | No          |         | No         | 2      | 1
Hancke & Kuhn [13]     | Yes         |         | No         | 1      | 1
Reid et al. [25]‡      |             | No      | No         | 2      | 1
Tu & Piramuthu [27]    | Yes         | No      | No         | 5      | 1
Swiss-Knife [18]‡      | Yes         | No      | No         | 3 (2†) | 1
Hitomi                 | Yes         | Yes     | Yes        | 6 (5†) | 3*

Table 1 (B)

‡ The protocol is vulnerable to a full disclosure attack which wrecks all the security
properties claimed (see Sections 6 and 7).

† Reader authentication is not a protocol requirement.

* This is the first protocol that considers and offers resistance to dictionary attacks.



plain-text their identities; 2) all the tags share a single secret. Thirdly, in
the "Mutual Authentication" column we indicate which protocols provide mutual
authentication between the verifier (reader) and the prover (tag). Next, we
calculate the computation overhead. More precisely, we indicate the number of
invocations - "Operations" column - of cryptographic primitives such as hash
functions, pseudo-random functions or symmetric key encryptions. Finally, we
list the required number of random numbers (nonces) for the execution of each
protocol ("Nonces" column).

9.2 The Threshold 

In our protocol, we perform a rapid bit exchange composed of n challenge-response
rounds. At the end of the rapid bit exchange we count the number of
misses (errors) e between the transmitted and received challenges and responses.
More precisely, we consider that a transmitted challenge $c_i$ might be different
from the received challenge $c'_i$ and similarly a transmitted response $r_i$ might be
different from a received response $r'_i$. These mismatches between $c_i$, $c'_i$ or $r_i$, $r'_i$
might be caused either by noise in the communication channel or by the
fact that the tag that tries to be authenticated is not legitimate (an adversary).

We need to trade off the possibility of authenticating an adversary against
rejecting a legitimate tag due to some legitimate errors caused by the noise in the
communication channel. For this purpose, we introduce a threshold $\tau$ such that
we shall authenticate the communicating party if and only if $e < \tau$.
To fully specify the problem, we assume that if we wrongly authenticate
an attacker A, then we suffer loss $L = \ell_A$. On the other hand, if we reject a
legitimate tag T, then we suffer a loss $L = \ell_T$. In other cases, we suffer no loss.^
We wish to minimise the expected loss E(L). The expected loss given that the
communicating party is an attacker A or the tag T, is given respectively by:

$E(L|A) = \Pr(e < \tau | A) \cdot \ell_A + \Pr(e \ge \tau | A) \cdot 0$

$E(L|T) = \Pr(e < \tau | T) \cdot 0 + \Pr(e \ge \tau | T) \cdot \ell_T$

The expected loss is in any case bounded by the maximum loss:

$E(L) \le \max\{E(L|A), E(L|T)\}$. (1)

If the attacker A has an error rate that is at least $p_A$, then we can analytically
express a bound on the probability of falsely authenticating him via the binomial
formula. However, a simpler expression is given by the following inequality,
which holds for $p_A > \tau/n$, by noting that $E(e|A) = np_A$.

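$\Pr(e < \tau | A) \le \exp\left(-2n\left(p_A - \frac{\tau}{n}\right)^2\right) = \exp\left(-\frac{2}{n}(np_A - \tau)^2\right)$

This bound follows from the well-known Hoeffding inequality (Equation (13)
in Appendix). Similarly, we can bound the probability of falsely rejecting a tag
T with error rate $p_T$ by:

$\Pr(e \ge \tau | T) \le \exp\left(-2n\left(p_T - \frac{\tau}{n}\right)^2\right) = \exp\left(-\frac{2}{n}(np_T - \tau)^2\right)$

for $p_T < \tau/n$.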

Henceforth, we always consider the case $p_T < \tau/n < p_A$. Equating the two
terms in the max operator of (1) we obtain, after some elementary manipulations,
a value of $\tau$ such that they are approximately equal:

$\tau = \frac{2n(p_T^2 - p_A^2) - \log\frac{\ell_T}{\ell_A}}{4(p_T - p_A)}$ (2)

This can be used as a nearly optimal value for the threshold $\tau$, given the bounds
$p_T, p_A$ on the error probability of the user and attacker respectively, and the
desired losses $\ell_A, \ell_T$.



^These losses are subjectively set to application-dependent values. Clearly, for cases where
the impact of falsely authenticating an attacker is severe, $\ell_A$ must be much greater than $\ell_T$.
9.2.1 Choice of the Threshold for Specific Protocols

In this section we calculate the values of $p_A$ and $p_T$ for Kim et al.'s (Swiss-Knife)
protocol [18]. These are also valid for the proposed protocol (Hitomi) and can
be used to select an appropriate value of the threshold $\tau$ for a given number (n)
of rapid bit exchange challenge-response rounds.

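In Kim et al.'s distance bounding protocol the condition that aborts the
authentication of the prover (tag T) is the following:

$err_c + err_r + err_t \ge \tau$,

where $\forall i \in [1, n]$:

$err_c := \#\{i : c_i \neq c'_i\}$ (3)

$err_r := \#\{i : c_i = c'_i \wedge r_i \neq Z_i^{c_i}\}$ (4)

$err_t := \#\{i : c_i = c'_i \wedge \Delta t_i > t_{max}\}$ (5)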



The optimal strategy for the attacker cannot include delaying to send his 
responses. To see this imagine that the attacker can choose to either wait in 
order to obtain the correct challenge-response pair or to guess. If he does the 
former then the number of errors errt increases by one always. If however he 
guesses, then there is always a non-zero probability that the number of errors 
will not increase. Thus, while the third error errt is useful for detecting classic 
relay attacks, it cannot be part of the attacker's strategy for any of the other 
attacks. That means that if the attacker has the choice to mix the delaying 
strategy with a guessing strategy, it is always better to choose the guessing 
strategy. For this reason, the error errt is disregarded in the analysis. 

Thus, in order to minimise the expected loss, we only need to consider the
following condition:

$err_c + err_r \ge \tau$ (6)

Let us assume that $c_i$ denotes the challenge sent by the reader in the i-th
round of the rapid bit exchange phase. We denote by $c'_i$ the challenge that the
legitimate tag T received. We assume that, due to noise, $c_i \neq c'_i$ can occur with
probability $\omega \in [0, 1/2]$. Finally, we use $c''_i$ to denote the challenge received by
the attacker A, which may again differ from $c_i$ with probability $\omega$.

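For the attacker A, the probability of making an error e is:

$\Pr(e|A) = \Pr(e|c \neq c')\Pr(c \neq c') + \Pr(e|c = c')\Pr(c = c')$

$= 1 \cdot \frac{1}{2} + \Pr(e|c = c') \cdot \frac{1}{2}$ (7)

It holds that:

$\Pr(e|c = c') = \Pr(c'' = c|c = c')\Pr(e|c'' = c \wedge c = c')$
$+ \Pr(c'' \neq c|c = c')\Pr(e|c'' \neq c \wedge c = c')$

$= (1 - \omega) \cdot \omega + \omega \cdot \frac{1}{2} = \frac{3\omega}{2} - \omega^2$ (8)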
Thus, equation (7) using (8) gives us:

$\Pr(e|A) = \frac{1}{2} + \frac{3\omega}{4} - \frac{\omega^2}{2} \ge \frac{\omega + 1}{2}$ (9)

assuming that $\omega < \frac{1}{2}$ and $\omega \ge 0$. For the legitimate tag T the probability of
making an error e is given by:

$\Pr(e|T) = \Pr(e|c' = c)\Pr(c' = c) + \Pr(e|c' \neq c)\Pr(c' \neq c)$

$= \omega(1 - \omega) + \omega = 2\omega - \omega^2 \le 2\omega$ (10)

From equations (9) and (10) we get:

$p_A = \frac{\omega + 1}{2}$ and $p_T = 2\omega$ (11)

By substituting the values of $p_A$, $p_T$ in equation (2) we get:

n(5w + l) /o5p 
^= 4 6^' (^2) 

where p = ^ . 

Figs. 9 and 10 depict how the value of the threshold $\tau$ changes as we increase
the number of bits (n) exchanged during the rapid bit exchange for various
values of the probability of noise $\omega$ (BER= {0.030^015,0.010,0.01}). Fig. 9
depicts the results when $\rho$ = 1, while Fig. 10 depicts the results when
$\rho$ = 10. In both cases it is obvious that the threshold $\tau$ reduces as the
noise $\omega$ reduces and increases as the number of bits n increases. Additionally,
when the ratio $\rho$ increases then the threshold $\tau$ also increases.
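The threshold selection of Section 9.2 worked through numerically, as an added example that is not code from the paper: it takes $p_A = (\omega+1)/2$ and $p_T = 2\omega$ from equation (11), solves for the threshold that balances the two Hoeffding-bounded losses, and compares the bounds with exact binomial tail probabilities. The function names and the sample values of n, $\omega$ and the losses are assumptions.

```python
import math


def error_rates(omega):
    """Equation (11): per-round error rate bounds (p_A, p_T) for channel noise omega."""
    return (omega + 1) / 2, 2 * omega


def false_accept_bound(n, p_a, tau):
    """Hoeffding bound on Pr(e < tau | A); valid for p_A > tau/n."""
    return math.exp(-2 * (n * p_a - tau) ** 2 / n)


def false_reject_bound(n, p_t, tau):
    """Hoeffding bound on Pr(e >= tau | T); valid for p_T < tau/n."""
    return math.exp(-2 * (tau - n * p_t) ** 2 / n)


def near_optimal_threshold(n, p_a, p_t, loss_a, loss_t):
    """Threshold at which loss_a * false_accept_bound equals
    loss_t * false_reject_bound (the two terms of the max in (1))."""
    return (2 * n * (p_t ** 2 - p_a ** 2) - math.log(loss_t / loss_a)) / (4 * (p_t - p_a))


def binomial_pmf(n, k, p):
    return math.comb(n, k) * p ** k * (1 - p) ** (n - k)


def exact_false_accept(n, p_a, tau):
    """Pr(e < tau) when every round errs independently with probability p_A.
    An attacker with a higher error rate is accepted even less often."""
    return sum(binomial_pmf(n, k, p_a) for k in range(n + 1) if k < tau)


def exact_false_reject(n, p_t, tau):
    """Pr(e >= tau) when every round errs independently with probability p_T."""
    return sum(binomial_pmf(n, k, p_t) for k in range(n + 1) if k >= tau)


def plan_threshold(n, omega, loss_a, loss_t):
    """Pick the threshold for n rounds and report bounds next to exact tails."""
    p_a, p_t = error_rates(omega)
    if p_t >= p_a:
        raise ValueError("noise too high: legitimate tag is not distinguishable")
    tau = near_optimal_threshold(n, p_a, p_t, loss_a, loss_t)
    if not (p_t < tau / n < p_a):
        raise ValueError("threshold falls outside (n*p_T, n*p_A); bounds do not apply")
    return {
        "p_a": p_a,
        "p_t": p_t,
        "tau": tau,
        "false_accept_bound": false_accept_bound(n, p_a, tau),
        "false_reject_bound": false_reject_bound(n, p_t, tau),
        "exact_false_accept": exact_false_accept(n, p_a, tau),
        "exact_false_reject": exact_false_reject(n, p_t, tau),
    }


if __name__ == "__main__":
    # Sample values chosen for illustration: 32 rounds, 1% bit error rate.
    for losses in ((1.0, 1.0), (10.0, 1.0)):
        plan = plan_threshold(32, 0.01, *losses)
        print(losses, {k: round(v, 6) for k, v in plan.items()})
```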

Kim et al. [18] introduced the use of a threshold $\tau$ in a distance bounding
protocol that can be used to avoid the failure of authenticating legitimate tags
considering that some legitimate errors might be caused due to the noise in the
communication channel. However, to the best of our knowledge, this is the first
time that a detailed analysis of the threshold $\tau$ is provided taking into
consideration the probability of having errors due to the noise in the
communication channel.



Figure 10: The Threshold $\tau$ for various values of the probability of noise $\omega$
(BER) when $\rho$ = 10

10 Conclusions

Physical location is an important security variable. Several techniques can be
employed to measure the distance between a prover and a verifier. However,
signal strength is an unreliable indicator of distance, since it can be
manipulated. For this reason, delay-time based measurements, such as those
employed in distance bounding protocols, are more appropriate. Nevertheless, the
vast majority of these protocols focus on thwarting mafia fraud attacks. This
paper is concerned with terrorist attacks, whose security considerations have
not received a lot of attention. In fact, none of the currently existing
proposals are completely secure against terrorist fraud attacks. In 2008, Kim et
al. [18] proposed a distance bounding protocol (Swiss-Knife protocol), which was
claimed to cover all security objectives expected from an RFID system. However,
we show that the Swiss-Knife protocol is vulnerable to a passive attack, which
may lead to the full disclosure of the secret key shared between the reader and
the tag. Consequently, all security objectives are compromised. Furthermore, the
described attack is also applicable to the protocols proposed by Reid et al. [25]
and Tu and Piramuthu [17], since the Swiss-Knife protocol is based on these
schemes. Additionally, we provide a set of guidelines that should be followed
by protocol designers in order to design secure and efficient distance bounding
protocols suitable for devices with constrained resources. Finally, a new
protocol, named Hitomi, conforming to the proposed guidelines is presented and
analyzed from the point of view of security and performance. The existence
of more efficient protocols that can offer the same level of security is an open
problem.

Lemma 1 (Hoeffding) For any sequence of random variables $X_1, \ldots, X_n$ such
that $X_i \in [a_i, b_i]$, with $\mu_i = E X_i$:

$\Pr\left(\sum_{i=1}^{n} X_i \ge \sum_{i=1}^{n} \mu_i + nt\right) \le \exp\left(-\frac{2n^2t^2}{\sum_{i=1}^{n}(b_i - a_i)^2}\right)$. (13)